Sunday, August 10, 2014

I’m sure there is a better way to accomplish this…

In my GSD blog post Anti-Malware Response "Go Kit" I outlined a variety of tool-sets and standalone tools that I carry on my USB flash drive for dealing with malware responses on friends/family systems.

I’m sure there is a better way to do this, but this was my “it works for me” result. I’m not posting the actual files (at least in fullness for now) but will show you the basics so you can build your own if you want.

To get the ball rolling, I made a “landing zone” folder on my Windows system at C:\TEMP\AMW_Packages

This is where I wanted to download the updated files into. I wanted to keep it separate in case I decided I didn’t want to end up overwriting any of my previous files. So once all the packages are downloaded here, I will manually copy them over onto my USB drive folder where they reside full-time.

I then created a Windows BAT file called “a-AMW_Package downloader.bat”

It does a few things.

It deletes all the files/folders in the “C:\TEMP\AMW_Packages” location to get a clean start.

It then runs down a list of the utilities I need to get/update, and downloads them into the “C:\TEMP\AMW_Packages” folder using PowerShell. (I know! Cool!)

Then, there are some packages that have some fancy dynamic page tricks/EULAs that make getting those binary files a bit of a hassle. Some of those I was able to work around with the PowerShell commands below. However others were not so cooperative. And that was OK.

So at the end of the BAT file, it calls a custom EXE called “a-BAT-IECall.exe”. That file was a different PowerShell script block I came up with to open up all those “problem” site URLs in a single Internet Explorer window session, each in a different tab; more on it in a bit.

The resulting automatically opened IE window allows me to review/download those “manually” as needed. (I guess I could put it at the front so I could be manually downloading those as the script continues to run in the background. But this made sense to me.) I also dropped some FYI URL pages there as well to remind me of some tricks I keep forgetting or to see if any new tools are available that I may want to add to my tool-kit.

Here is an abbreviated version of the BAT file “a-AMW_Package downloader.bat” contents. You should be able to get the gist of what I am doing and add more lines for other resources you may want/need.

:: Misc Tools and Utilities (Now we fire up IE via a PowerShell script) so we can launch IE and the link URLs in tabs for manual download if we need them.

a-BAT-IECall.exe

Exit

Just add more of those download lines for all the tools you need as long as the URL download links are functional with this method.
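The same clean-then-download flow as a single PowerShell script, with a signature and hash report added so each file can be checked before it is copied to the USB drive. This is an added example, not the author's BAT file: the two URLs and file names are constructed placeholders, and it assumes PowerShell 4.0 or later for Get-FileHash.

```powershell
# Added example. Only the landing-zone path comes from the post; the
# package list is a constructed placeholder, not the author's tool list.
$LandingZone = 'C:\TEMP\AMW_Packages'
$Packages = @(
    @{ Url = 'https://downloads.example.com/tools/scanner.exe'; File = 'scanner.exe' },
    @{ Url = 'https://downloads.example.com/tools/cleaner.exe'; File = 'cleaner.exe' }
)

# Older .NET defaults may not negotiate TLS 1.2 with current download hosts.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Step 1: clean start, as the BAT file does.
if (Test-Path -LiteralPath $LandingZone) {
    Get-ChildItem -LiteralPath $LandingZone -Force | Remove-Item -Recurse -Force
} else {
    New-Item -ItemType Directory -Path $LandingZone | Out-Null
}

# Step 2: download each package and record what actually arrived.
$client = New-Object System.Net.WebClient
$report = foreach ($pkg in $Packages) {
    $dest = Join-Path $LandingZone $pkg.File
    try {
        $client.DownloadFile($pkg.Url, $dest)
    } catch {
        # A dead or moved link should not stop the rest of the run.
        [pscustomobject]@{ File = $pkg.File; Status = 'DownloadFailed'; Signer = $null; SHA256 = $null }
        continue
    }
    $sig = Get-AuthenticodeSignature -FilePath $dest
    [pscustomobject]@{
        File   = $pkg.File
        Status = $sig.Status   # 'Valid' = trusted chain and unmodified file
        Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        SHA256 = (Get-FileHash -LiteralPath $dest -Algorithm SHA256).Hash
    }
}
$client.Dispose()

# Step 3: review before anything is copied to the USB drive.
$report | Format-Table -AutoSize
$report | Where-Object { $_.Status -ne 'Valid' } |
    ForEach-Object { Write-Warning "$($_.File): signature status $($_.Status); check it before use" }
```

Not every utility is Authenticode-signed, so a NotSigned status is a prompt to compare the SHA256 value against the one the vendor publishes, not proof of tampering.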

So next, about that “a-BAT-IECall.exe”

This took a bit of creative work to generate. There are other ways to launch IE in a standard BAT file, but it ended up opening each URL in a separate IE window that cluttered up my system, despite my best attempts. So this way worked perfectly, and because: PowerShell!

The PowerShell script that is the heart of the engine looks like this:

I was able to make changes to some of the “binary.file” names to change the name as it got saved, and in some cases the URL path didn’t actually contain a binary.file name in the path but it still handled it OK. Once you have the format down you can experiment a bit. See below for one example:

Start daily programs – More n00bz fun with #Powershell! - The MidnightDBA Star-Times - Jen McCown’s script here was the clincher. I just took part of her script section dealing with the URL opening, experimented a bit to get it to flow better, and I was off to the races! Thanks Jen!

PowerShell script in a .bat file - Dmitry's Blog: Cloud, PowerShell and beyond - Dmitry had lots of great tips and ideas, but I never could get the encoded script to generate the string. Obviously I’m a noobie and doing something wrong…

Again, any tips, tricks or alternative suggestions would be appreciated!

Cheers!

--Claus V.

P.S. Microsoft has a number of tools for scanning/removing malware from a system.

Microsoft Malicious Software Removal Tool - This is on most all Windows systems as the MRT.EXE file. Type “MRT.exe” in the RUN bar and you will be off to the races (assuming Windows Updates are current, otherwise download the file manually above or effectiveness will be diminished.)

Working on the URL/Download location for this one led me to discover the Windows Defender Offline tool that may have replaced (?) the Microsoft Standalone System Sweeper. This one is for most “modern” versions of Windows but if you are running Windows 8.1 you will need to jump to this Windows Defender Offline Beta build page.

2 comments:

Hi Claus, I wonder if you have heard of the GEGeek toolkit. It contains a huge number of PC repair tools and also a utility called Keratin which you can use to search for and download any updates to the portable apps in the toolkit. I've tried it and it seems to work well. The link is at the bottom of this comment. It looks a little odd but it is safe. If you scroll down that page you will find info on how Keratin works.
